Follow Slashdot stories on Twitter


Forgot your password?
Security Privacy

Downloads of Popular Apps Were Silently Swapped For Spyware in Turkey: Citizen Lab ( 29

Matthew Braga, reporting for CBC: Since last fall, Turkish internet users attempting to download one of a handful of popular apps may have been the unwitting targets of a wide-reaching computer surveillance campaign. And in Egypt, users across the country have, seemingly at random, had their browsing activity mysteriously redirected to online money-making schemes. Internet filtering equipment sold by technology company Sandvine -- founded in Waterloo, Ont. -- is believed to have played a significant part in both.

That's according to new research from the University of Toronto's Citizen Lab, which has examined misuse of similar equipment from other companies in the past. The researchers say it's likely that Sandvine devices are not only being used to block the websites of news, political and human rights organizations, but are also surreptitiously redirecting users toward spyware and unwanted ads. Using network-filtering devices to sneak spyware onto targets' computers "has long been the stuff of legends" according to the report -- a practice previously documented in leaked NSA documents and spyware company brochures, the researchers say, but never before publicly observed.
Citizen Lab notes that targeted users in Turkey and Syria who attempted to download Windows applications from official vendor websites including Avast Antivirus, CCleaner, Opera, and 7-Zip were silently redirected to malicious versions by way of injected HTTP redirects. It adds: This redirection was possible because official websites for these programs, even though they might have supported HTTPS, directed users to non-HTTPS downloads by default. Additionally, targeted users in Turkey and Syria who downloaded a wide range of applications from CBS Interactive's (a platform featured by CNET to download software) were instead redirected to versions containing spyware. does not appear to support HTTPS despite purporting to offer "secure download" links.
This discussion has been archived. No new comments can be posted.

Downloads of Popular Apps Were Silently Swapped For Spyware in Turkey: Citizen Lab

Comments Filter:
  • The many joys... (Score:4, Informative)

    by SciCom Luke ( 2739317 ) on Friday March 09, 2018 @01:59PM (#56234337)
    ... of living in a dictatorship. Well one of them anyway.
    • What's the point of having an oppressed populace if you can't monetize their clicks?
  • by Anonymous Coward

    however, I never download anything without vetting what I've downloaded, either by dint of checking the checksum or emailing the developer should I think something is dodgy. Having worked in IT security for many years, I know what dangers lurk out there. I do the same for my iPhone. I have never found myself wanting an app that Apple has not included. I don't do my banking on my mobile. Ever. I live close enough to the city centre where I can simply visit my bank should I need to do so. And, what with the t

    • by plover ( 150551 )

      I take many similar precautions, but not all. (I have some utilities on my iPhone and will purchase on my credit card through it, but i don't do banking on it.)

      One thing I also do is distrust certain certificates; generally those I recognize as having been issued by countries run by despots. For example, I'll personally never have a need to a secure connection to any site in Turkey. So why should I trust their national issuer, when their government could theoretically abuse it to issue certs valid for any

  • by TheDarkener ( 198348 ) on Friday March 09, 2018 @02:23PM (#56234507) Homepage

    Even seemingly irrelevant content. This day in (the WWW's) age gives no excuses beyond being too lazy to update legacy websites and platforms. It should be the default everywhere and there should be a GOOD reason to transfer anything unencrypted.

  • Scumbags (Score:5, Insightful)

    by VeryFluffyBunny ( 5037285 ) on Friday March 09, 2018 @02:24PM (#56234511)
    So Sandvine are a bunch of scumbags who sell surveillance and malware tech to oppressive regimes that endangers journalists, political activists, and anyone associated with them, eh?
    • by Anonymous Coward
      To be fair, these devices were actually made by Procera (another Francisco Partners acquisition). They just very recently acquired Sandvine and slapped the Sandvine brand on a bunch of legacy products.
    • Re:Scumbags (Score:5, Informative)

      by isj ( 453011 ) on Friday March 09, 2018 @02:49PM (#56234671) Homepage


      Many of the newer DPI and PCEF engines are quite flexible, and can be configured by the customer (ISP/MNO/MVNO). The functionality is neutral and can be used for benign purposes (eg. redirect to top-up pages) or malign purposes (replacing a download). Sandvine is not the only vendor of such equipment - there's also Cisco, Allot, Huawei, ZTE, Procera, Alcatel, ...

      The article doesn't indicate if Sandvine helped with it or if it was done by the Turkish telco themselves. Given Sandvine's history with the Comcast bittorrent connection reset years ago, I wouldn't be surprised if Sandvine helped, or implemented specific features to facilitate the stuff in Turkey.

    • So Sandvine are a bunch of scumbags who sell surveillance and malware tech to oppressive regimes that endangers journalists, political activists, and anyone associated with them, eh?

      The Capitalists Will Sell Us the Rope with Which We Will Hang Them []

  • by Anonymous Coward on Friday March 09, 2018 @03:30PM (#56234929)

    It's becoming increasingly clear that no turk living today will ever see their dream of someday joining the EU realized in their lifetime.

    Turkey is another perfect example of collective gullibility, where a majority democratically and freely chose a leader because they were clueless enough to actually believe him when he told them he would respect democracy and freedom once in power.

    Frankly, I'm getting sick and tired of seeing country after country falling for the same old crap that's been going on for millenia time and time again. A supposedly intelligent species that simply cannot learn from the mistakes of its past and repeats them again and again and again is a textbook example of an evolutionary dead-end.

"If it's not loud, it doesn't work!" -- Blank Reg, from "Max Headroom"